detection.wiki

Microsoft-Windows-EtwCollector

3 events across 1 channel

Event IDTitleChannel
1Profiling for target ({ProcessID}) has started.Operational
2Profiling for target ({ProcessID}) has stopped.Operational
5Machine [Name: {Name}] [OS Description: {OSDescription}] [Architecture: …Operational

Event ID 1 — Profiling for target ({ProcessID}) has started.

Provider
Microsoft-Windows-EtwCollector
Channel
Operational

Description

Profiling for target ({ProcessID}) has started.

Message #

Profiling for target ({ProcessID}) has started.

Fields #

NameDescription
ProcessID

Event ID 2 — Profiling for target ({ProcessID}) has stopped.

Provider
Microsoft-Windows-EtwCollector
Channel
Operational

Description

Profiling for target ({ProcessID}) has stopped.

Message #

Profiling for target ({ProcessID}) has stopped.

Fields #

NameDescription
ProcessID

Event ID 5 — Machine [Name: {Name}] [OS Description: {OSDescription}] [Architecture: {Architecture}].

Provider
Microsoft-Windows-EtwCollector
Channel
Operational

Description

Machine [Name: {Name}] [OS Description: {OSDescription}] [Architecture: {Architecture}].

Message #

Machine [Name: {Name}] [OS Description: {OSDescription}] [Architecture: {Architecture}]

Fields #

NameDescription
Name
OSDescription
Architecture